ietf-openpgp

Re: [openpgp] Reducing the meta-data leak

2016-01-05 13:50:38


On 1/4/2016 at 7:43 PM, "Daniel Kahn Gillmor" wrote:
Removing the metadata of who a message is for seems likely to require
either:

 a) trial decryption on the recipient side (problematic for smartcard
    and multiple-secret-key setups, as Neal and Werner pointed out),
or

 b) some sort of ratcheted shared state between sender and recipient
    (e.g. a briar- or axolotl-style esk, which might provide other
    nice features, like "deletable" ("forward-secret") messages)

While (b) is out of scope for us here until we get 4880bis sorted, if
someone wanted to experiment with that and report back, i'm sure it
would be interesting to several people on the list.

Or maybe there's a (c) option?
=====

Maybe a (c) option that combines aspects of (a) and (b):

[1] Suggesting that users of multiple secret keys have 1 unique e-mail
address for each key.
(e.g. Hushmail allows for unlimited nym e-mail aliases which all go
to the same hushmail account under the primary [non-nym] e-mail
account.
A user can generate multiple keypairs, assigning a different nym alias
to each of them).

[2] The users should not upload the keys to keyservers, but rather
exchange public keys with whomever they wish to communicate.

[3] They then use the --throw-keyid option, but the receiver knows
exactly which key it is, by seeing to which nym e-mail address it is
sent.

[4] No interceptor knows who the 'true' recipient is, except for the
e-mail client, which could be set up to do this without tracking
(i.e.
(a) register for the e-mail client under a false name with a pre-paid
no-name credit card
(b) use an e-mail client that allows multiple nym aliases)
-- just a possible avenue of exploration as to how it might be done
...
vedaal
_______________________________________________
openpgp mailing list
openpgp(_at_)ietf(_dot_)org
https://www.ietf.org/mailman/listinfo/openpgp
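
The receiver side of steps [1] to [3] above, as an added example that is not part of the original message: it reads the key ID from a leading version-3 public-key encrypted session key packet (RFC 4880, section 5.1) and, when that ID is all zeros (thrown away), picks the secret key from the nym alias the mail was delivered to. The alias map, the example.org addresses, the fingerprints and the use of the Delivered-To/To headers are assumptions made for illustration.

```python
from email import message_from_string
from email.utils import getaddresses

# Hypothetical alias -> secret-key fingerprint map (constructed values).
NYM_KEYS = {
    "nym-a@example.org": "A" * 40,
    "nym-b@example.org": "B" * 40,
}

def pkesk_key_id(data: bytes) -> bytes:
    """Return the 8-byte key ID of a leading version-3 PKESK packet."""
    if not data or not data[0] & 0x80:
        raise ValueError("not an OpenPGP packet")
    if data[0] & 0x40:                        # new-format packet header
        tag, first = data[0] & 0x3F, data[1]
        if first < 192:
            hdr = 2                           # one-octet length
        elif first < 224:
            hdr = 3                           # two-octet length
        elif first == 255:
            hdr = 6                           # five-octet length
        else:
            raise ValueError("partial body length not expected here")
    else:                                     # old-format packet header
        tag, ltype = (data[0] >> 2) & 0x0F, data[0] & 0x03
        if ltype == 3:
            raise ValueError("indeterminate length not expected here")
        hdr = 1 + (1, 2, 4)[ltype]
    if tag != 1 or len(data) < hdr + 9 or data[hdr] != 3:
        raise ValueError("no version-3 PKESK packet at start")
    return data[hdr + 1:hdr + 9]

def select_key(raw_mail: str, openpgp_data: bytes):
    """Decide which secret key to try, without trial decryption if possible."""
    key_id = pkesk_key_id(openpgp_data)
    if key_id != bytes(8):                    # key ID present: normal lookup
        return ("keyid", key_id.hex().upper())
    msg = message_from_string(raw_mail)
    headers = msg.get_all("Delivered-To", []) + msg.get_all("To", [])
    for _, addr in getaddresses(headers):
        fpr = NYM_KEYS.get(addr.lower())
        if fpr:                               # alias identifies the key
            return ("alias", fpr)
    return ("trial", None)                    # unknown alias: trial decryption
```

With GnuPG, the fingerprint returned for the "alias" case can be passed to `--try-secret-key` so that only that key is tried first.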